Metaforic crosses swords with software pirates

By Neil Roiter, Senior Technology Editor, Information Security magazine 29 Oct 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The market for pirated software is enormous, so it's no surprise that there's a growing market for antipiracy/antitampering software in response. Glasgow, Scotland-based Metaforic Ltd., the newest vendor in what analysts have dubbed the application hardening market, debuted its MetaFortress product in April and announced its entry in North America this week.

Software piracy: How to prevent software piracy: Security management pro Mike Rothman discusses several ways organizations can prevent software piracy and protect their intellectual property. Application hardening tools help repel software pirates: Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit.

IDC and the Business Software Alliance estimate that a third of the global software market is for pirated copies -- tens of billions of dollars, mostly in Russia, China and Vietnam. The theft runs the gamut from games and standard business applications, such as Microsoft Office, to high-end specialty code worth hundreds of thousands of dollars that businesses in emerging markets can purchase for a fraction of their legitimate price.

Software crackers may reverse-engineer the code or simply break the licensing protection, the low hanging fruit in many cases.

MetaFortress runs an analyzer on code to determine where and how to insert protections and then embeds the protections in the program at compile time. Like other products in this space, this approach allows organizations to separate antitampering measures from the development process if they choose, which will improve efficiency and sidestep messy turf battles within an organization.

Chief competitors in this space are Arxan Technologies Inc., Cloakware Corp., PreEmptive Solutions LLC and V.i. Laboratories Inc. They use a variety of sophisticated obfuscation techniques well beyond standard obfuscation inserted by developers, and dynamic encryption methods far stronger than the usual encryption "wrappers" that can be cracked by capturing and decompiling code at run-time.

SearchSecurity radio:

MetaFortress' differentiators in the market are ease of deployment and the ability to debug code after the solution has been applied, said Andrew McLennan, CEO at Metaforic The latter is an important tool to help certify compliance for software interoperability.

"With debugging, you can disprove that security has any influence on or is interfering with the software; it's a comfort for the customer." McLennan said. "You can continue to pass unit tests or integration compliance regimes that all large software vendors run on their applications."

McLennan said this will be especially valuable with virtualization software and for Windows.

Tags: Software Development Methodology,  Data Analysis and Classification,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software Development Methodology How to detect software tampering Developers Need Help with Security Errors Does an EULA make it truly illegal to decompile software? SQL injection continues to trouble firms, lead to breaches IBM acquires Ounce Labs for source code analysis Microsoft issues emergency Active Template Library updates Software security threats and employee awareness training Adobe patches ColdFusion vulnerability blocking website attack nCircle statistics show rising Web application vulnerabilities Common PCI questions: Web application firewalls or source code review? Data Analysis and Classification Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Compliance in the cloud Database monitoring, encryption vital in tight economy, Forrester says Best practices for log data retention Data classification best practices: Techniques, methods and projects HIPAA changes force healthcare to improve data flow Data Analysis and Classification Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bypass  (SearchSecurity.com) Common Weakness Enumeration  (SearchSecurity.com) debugging  (SearchSoftwareQuality.com) fuzz testing  (SearchSecurity.com) heuristics  (SearchSoftwareQuality.com) sandbox  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary